Vulnerabilities > Seopanel > SEO Panel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2024-22643 | Cross-Site Request Forgery (CSRF) vulnerability in Seopanel SEO Panel 4.10.0 A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | 6.5 |
| 2024-01-30 | CVE-2024-22646 | Information Exposure Through an Error Message vulnerability in Seopanel SEO Panel 4.10.0 An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. | 5.3 |
| 2024-01-30 | CVE-2024-22647 | Information Exposure Through Discrepancy vulnerability in Seopanel SEO Panel 4.10.0 An user enumeration vulnerability was found in SEO Panel 4.10.0. | 5.3 |
| 2024-01-30 | CVE-2024-22648 | Server-Side Request Forgery (SSRF) vulnerability in Seopanel SEO Panel 4.10.0 A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. | 5.3 |
| 2021-11-05 | CVE-2021-39413 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php. | 4.3 |
| 2021-03-18 | CVE-2021-28419 | SQL Injection vulnerability in Seopanel SEO Panel 4.8.0 The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | 6.5 |
| 2021-01-01 | CVE-2021-3002 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | 4.3 |
| 2017-08-29 | CVE-2017-10839 | SQL Injection vulnerability in Seopanel SEO Panel 3.3.1/3.4.0/3.5.0 SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2017-08-29 | CVE-2017-10838 | Cross-site Scripting vulnerability in Seopanel SEO Panel 3.3.1/3.4.0/3.5.0 Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-01-13 | CVE-2014-100024 | Cross-site Scripting vulnerability in Seopanel SEO Panel 3.3.1 Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |